If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Experts predict Firefox spyware will show up this year

One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators, who are already poking at the open source browser alternative.

Webroot Vice President of Threat Research Richard Stiennon said he expects there will be spyware for Firefox this year, adding that while the browser was designed to be immune from the spyware infecting IE, Firefox will face a new breed of spyware tailored specifically for it.

"Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa," Stiennon said. "The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."

Spyware action and reaction

Stiennon said while spyware for Explorer has become widespread and relatively easy to create, it will be the more advanced spyware writers who turn their sites on Firefox.

"It'll be the more sophisticated guys that'll write Firefox spyware," he said. "I predict that by the middle of the year, we'll start to see it."

Stiennon also said Firefox was created specifically, in part, to avoid the kind of spyware that has riddled Explorer along with worms and adware.

"Firefox was written for the existing world of Internet Explorer exploits, but it has its own vulnerabilities that will be exploited," he said.

Stiennon said while a computer running Firefox will still not be as good of a machine to infect with spyware and it takes the malicious software some time to have an impact, the Mozilla browser will come under fire as it nears and surpasses 10 percent market share.

Nevertheless, Stiennon also indicated the creators, maintainers, and even users of Firefox will quickly and aggressively step up their anti-spyware efforts along with the increased threat.

"The people who use Firefox -- their reaction to any spyware-type attacks will be pretty vehement," he said. "There'll be fast reaction from both Firefox developers and users."

Not so fast for Firefox

Despite Stiennon's prediction, other experts are not convinced that spyware will besiege Firefox as soon as this year. Computer Associates Director of Malicious Content Research Roger Thompson said although spyware for Firefox this year is possible, it is unlikely.

"It's possible," Thompson wrote in an email to NewsForge. "While user numbers would need to be pretty big to present a more attractive target than something known to be on about every desktop by default, I don't believe the botherds (a bot gives the botherd complete control over a "zombied" machine) are actually doing their own research. They are merely following the security lists closely, and quickly implementing those exploits, and vulnerability researchers probably do subject Firefox to scrutiny, and probably do find things, so it is possible.

"But unlikely," Thompson continued. "The preponderance of Internet Explorer users is simply too good a target. And in any case, it's just not necessary and only a small percentage of spyware plants via an exploit -- most relies on social engineering to 'talk' people into installing it, or by allying itself with some 'desirable' service or product, such as the various P2P networkers."

Thompson, however, said some typical spyware vectors may be open for Firefox, too. To infect and run on machines, for example, much of today's spyware either talks directly via port 80, or inserts itself as a Layered Service Provider (LSP), "which will nail Firefox too," Thompson said.

The expert also said with increased spyware competition, which he is seeing already, anything is possible. Thompson said while Firefox and other "non-IE" browsers avoid exploits, ActiveX control issues and browser helper object (BHO) issues, the alternatives are not necessarily immune to keyloggers, LSP injectors, remote administration tools, and adware that is "invited in."

In terms of the Firefox spyware tipping point, Thompson said he believed 10 percent market share might be too low, but again emphasized that increased spyware competition will put other browsers to the spyware test.

Working on it now

For his part, Stu Sjouwerman -- founder and COO of Counterspy maker Sunbelt Software -- agreed that Firefox spyware is likely in 2005.

"I'm pretty sure you can expect one or two Firefox (spyware) exploits before the end of the year," Sjouwerman said. "The more popular a platform gets, the more likely it is to come under attack. Firefox -- which I use myself -- I don't think is going to be immune from that. If you go wide like this, you have to expect that your product will be exposed to a trial by fire."

Sjouwerman reported that his company's research on Firefox revealed some Explorer-like situations that may draw spyware.

"We looked into it and found that the security of Firefox had similar openings or vectors where spyware can be utilized to exploit or bypass protection," he said.

Adding that the spyware exploits would have to be changed to target Firefox, Sjouwerman said once the alternative browser has around 15 percent of the browser market, it will be "commercially interesting" for spyware creators to target. In response to spyware for Firefox, Sjouwerman said developers and other backers of the alternative browser will fix the holes that allow it. Third-party companies, such as Sunbelt, will also provide protection against spyware for Firefox, he added. There is not yet a Firefox version of Sunbelt's CounterSpy anti-spyware, but it is coming, the company has said.

Sjouwerman indicated spyware writers are likely already playing with other, non-IE browsers and the first spyware for Firefox -- the most likely browser to "break through" with significant market share -- is probably coming soon.

"I wouldn't be surprised if a couple of Russian spyware writers were turning Firefox inside out," he said. "In the next couple of months, we'll see the first exploits."

Another perfect example of what happens when you band-aid a problem rather than solve the root cause. Of course spyware will show up for Firefox. Why wouldn't it? The root problem hasn't been addressed and until it is, spyware is going to be just another part of daily life on the internet.

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

But by the time a bunch of spyware shows up for Firefox peopel will already be updated to 1.1 or even Googles browser if they finish it.
Perhaps the times have changed to a point where we will just update our browser every few months and stay ahead of the spyware developers.

Originally posted here by gold eagle Installing one of firefox's updates recently, gave me one. My anti spy programs caught it right away so I would say expect more.

Really? Do you recall what? Or was it one of the extensions you've installed?

Of course firefox will be susceptible. As will Opera, Timmy77. thehorse13 has it right, you can bandaid the problem all you want, but if heal the source of the problem, the bandaids become unnecessary.

Turning on the 'ultraparanoid mode' for Firefox will help, a lot. So will using spyware scanners, antivirus, etc. But the real solution is user education. And we all know how easy that is to accomplish.

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Originally posted here by Soda_Popinsky Don't even mention Google spyware... The data mining potential they have is sickening, and if they do it already I wouldn't be suprised.

Depending on your perspective, they already do. Ad Words by Google ring a bell? Their position is, IIRC, the Ad's are generated entirely by computer, which is just looking at what you've queried and comparing it within their search engine, tweaked by their Ad division, to display results. User info is not kept or tracked, and it's a 'per search' thing.

The question is, do you believe them? Personally, I tend to. I've read a lot of the write ups and interviews about Larry and Sergey, and I think they are sincere when they say "Don't be evil" is their motto.

Yes, many people have contested this, and there is a huge potential for abuse, but it comes down to who do you choose to trust, and why? Even paranoids have enemies, but the worst of conspiracies have a positive goal (even if its only positive from their own point of view.)

"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --SpafAnyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.